From 880a5139b229ef3ed91a68706d9ca966c3d79378 Mon Sep 17 00:00:00 2001
From: "sxw@401" <sxwxs@msn.com>
Date: Thu, 17 Sep 2015 10:24:01 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=88=A4=E6=96=AD=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95=E6=98=AF=E5=90=A6=E9=9C=80=E8=A6=81?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=A0=81=E7=9A=84API?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 account/views.py | 27 +++++++++++++++++++++++++++
 oj/urls.py       |  3 ++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/account/views.py b/account/views.py
index 4aa326a..9d1c847 100644
--- a/account/views.py
+++ b/account/views.py
@@ -26,6 +26,14 @@ class UserLoginAPIView(APIView):
         serializer = UserLoginSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
+            user = User.objects.get(username=data["username"])
+            # 只有管理员才适用验证码登录
+            if user.admin_type > 0:
+                if not "captcha" in data:
+                    return error_response(u"请填写验证码！")
+                captcha = Captcha(request)
+                if not captcha.check(data["captcha"]):
+                    return error_response(u"验证码错误")
             user = auth.authenticate(username=data["username"], password=data["password"])
             # 用户名或密码错误的话 返回None
             if user:
@@ -64,6 +72,9 @@ class UserRegisterAPIView(APIView):
         serializer = UserRegisterSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
+            captcha = Captcha(request)
+            if not captcha.check(data["captcha"]):
+                return error_response(u"验证码错误")
             try:
                 User.objects.get(username=data["username"])
                 return error_response(u"用户名已存在")
@@ -206,3 +217,19 @@ class UserInfoAPIView(APIView):
         response_serializer: UserSerializer
         """
         return success_response(UserSerializer(request.user).data)
+
+
+class AccountSecurityAPIView(APIView):
+    def get(self, request):
+        """
+        判断用户登录是否需要验证码
+        ---
+        """
+        username = request.GET.get("username", None)
+        if username:
+            try:
+                User.objects.get(username=username, admin_type__gt=0)
+            except User.DoesNotExist:
+                return success_response({"applied_captcha":False})
+            return success_response({"applied_captcha":True})
+        return success_response({"applied_captcha":False})
\ No newline at end of file
diff --git a/oj/urls.py b/oj/urls.py
index eda20bb..1b5d10e 100644
--- a/oj/urls.py
+++ b/oj/urls.py
@@ -4,7 +4,7 @@ from django.views.generic import TemplateView
 
 from account.views import (UserLoginAPIView, UsernameCheckAPIView, UserRegisterAPIView,
                            UserChangePasswordAPIView, EmailCheckAPIView,
-                           UserAdminAPIView, UserInfoAPIView)
+                           UserAdminAPIView, UserInfoAPIView, AccountSecurityAPIView)
 
 from announcement.views import AnnouncementAdminAPIView
 
@@ -116,4 +116,5 @@ urlpatterns = [
     url(r'^api/submission/share/$', SubmissionShareAPIView.as_view(), name="submission_share_api"),
 
     url(r'^captcha/$', "utils.captcha.views.show_captcha", name="show_captcha"),
+    url(r'^api/account_security_check/$', AccountSecurityAPIView.as_view(), name="account_security_check"),
 ]